def _tryService(self, services, baseEntry, request, controls, reply):
try:
serviceName = services.pop(0)
except IndexError:
return None
timestamp = self.timestamp()
d = baseEntry.search(
filterObject=pureldap.LDAPFilter_and([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
'objectClass'),
assertionValue=pureldap.LDAPAssertionValue(
'serviceSecurityObject')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('owner'),
assertionValue=pureldap.LDAPAssertionValue(request.dn)),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('cn'),
assertionValue=pureldap.LDAPAssertionValue(serviceName)),
pureldap.LDAPFilter_or([
# no time
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_present('validFrom')),
# or already valid
pureldap.LDAPFilter_lessOrEqual(
attributeDesc=pureldap.LDAPAttributeDescription(
'validFrom'),
assertionValue=pureldap.LDAPAssertionValue(timestamp)),
]),
pureldap.LDAPFilter_or([
# no time
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_present('validUntil')),
# or still valid
pureldap.LDAPFilter_greaterOrEqual(
attributeDesc=pureldap.LDAPAttributeDescription(
'validUntil'),
assertionValue=pureldap.LDAPAssertionValue(timestamp)),
]),
]),
attributes=('1.1', ))
def _gotEntries(entries):
if not entries:
return None
assert len(entries) == 1 #TODO
e = entries[0]
d = e.bind(request.auth)
return d
d.addCallback(_gotEntries)
d.addCallbacks(callback=self._loopIfNone,
callbackArgs=(services, baseEntry, request, controls,
reply),
errback=self._loopIfBindError,
errbackArgs=(services, baseEntry, request, controls,
reply))
return d
def test_andornot(self):
text = r"(&(!(|(cn=foo)(cn=bar)))(sn=a*b*c*d))"
filt = pureldap.LDAPFilter_and(
[
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_or(
[
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value="cn"
),
assertionValue=pureldap.LDAPAssertionValue(value="foo"),
),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value="cn"
),
assertionValue=pureldap.LDAPAssertionValue(value="bar"),
),
]
)
),
pureldap.LDAPFilter_substrings(
type="sn",
substrings=[
pureldap.LDAPFilter_substrings_initial("a"),
pureldap.LDAPFilter_substrings_any("b"),
pureldap.LDAPFilter_substrings_any("c"),
pureldap.LDAPFilter_substrings_final("d"),
],
),
]
)
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def test_andornot(self):
text = r'(&(!(|(cn=foo)(cn=bar)))(sn=a*b*c*d))'
filt = pureldap.LDAPFilter_and([
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_or([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value='cn'),
assertionValue=pureldap.LDAPAssertionValue(
value='foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value='cn'),
assertionValue=pureldap.LDAPAssertionValue(
value='bar')),
])),
pureldap.LDAPFilter_substrings(
type='sn',
substrings=[
pureldap.LDAPFilter_substrings_initial('a'),
pureldap.LDAPFilter_substrings_any('b'),
pureldap.LDAPFilter_substrings_any('c'),
pureldap.LDAPFilter_substrings_final('d'),
])
])
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def test_not_item(self):
text = r'(!(cn=foo))'
filt = pureldap.LDAPFilter_not(
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value='cn'),
assertionValue=pureldap.LDAPAssertionValue(value='foo')))
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def test_not_cn(self):
text = '(!(cn=Tim Howes))'
filt = pureldap.LDAPFilter_not(
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value='cn'),
assertionValue=pureldap.LDAPAssertionValue(value='Tim Howes')))
self.assertEquals(ldapfilter.parseFilter(text), filt)
self.assertEquals(filt.asText(), text)
def test_not_cn(self):
text = "(!(cn=Tim Howes))"
filt = pureldap.LDAPFilter_not(
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value="cn"),
assertionValue=pureldap.LDAPAssertionValue(value="Tim Howes"),
)
)
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def test_not(self):
o = inmemory.ReadOnlyInMemoryLDAPEntry(dn='cn=foo,dc=example,dc=com',
attributes={
'objectClass': ['a', 'b'],
'aValue': ['a'],
'bValue': ['b'],
})
result = o.match(
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_or([
pureldap.LDAPFilter_present('cValue'),
pureldap.LDAPFilter_present('dValue'),
])))
self.assertEqual(result, True)
def test_not(self):
o = inmemory.ReadOnlyInMemoryLDAPEntry(
dn="cn=foo,dc=example,dc=com",
attributes={
"objectClass": ["a", "b"],
"aValue": ["a"],
"bValue": ["b"],
},
)
result = o.match(
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_or([
pureldap.LDAPFilter_present("cValue"),
pureldap.LDAPFilter_present("dValue"),
])))
self.assertEqual(result, True)
def _p_extensible(s, l, t):
attr, dn, matchingRule, value = t
return pureldap.LDAPFilter_extensibleMatch(matchingRule=matchingRule,
type=attr,
matchValue=value,
dnAttributes=dn)
extensible.setParseAction(_p_extensible)
item = simple ^ present ^ substring ^ extensible
item.setName('item')
item.leaveWhitespace()
not_ = Suppress(Literal('!')) + filter_
not_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_not(t[0]))
not_.setName('not')
filterlist = OneOrMore(filter_)
or_ = Suppress(Literal('|')) + filterlist
or_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_or(t))
or_.setName('or')
and_ = Suppress(Literal('&')) + filterlist
and_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_and(t))
and_.setName('and')
filtercomp = and_ | or_ | not_ | item
filtercomp.setName('filtercomp')
filter_ << (Suppress(Literal('(').leaveWhitespace()) + filtercomp +
Suppress(Literal(')').leaveWhitespace()))
filter_.setName('filter')
filtercomp.leaveWhitespace()
filter_.leaveWhitespace()
